How Pay-By-Phone Can Help Healthcare Providers with PCI Compliance

By Barnard Crespi

If your organization is accepting credit cards over the phone as a form of payment for services, you MUST be PCI Compliant.

The way healthcare providers take payment with credit cards is undergoing significant and continuous change as a result of the Payment Card Industry (PCI) security requirements and the efforts of the PCI Security Standards Council to secure cardholder information. Practices that used to be accepted are now being replaced with much more restrictive measures to ensure that cardholder information is protected. This industry transformation is affecting how healthcare providers take and process payments over the phone.

When your patients call you to pay for services over the phone, you are responsible for securing their credit card information while you collect and transmit this highly sensitive information. You must ensure that all credit card collection and transmission points, your staff, phone systems, software solutions, network segments, and data storage solutions comply with the PCI security standards. This includes any wired, wireless, private, and public networks. Security starts at the point where payment card information is collected, whether it is given to an employee of your organization over the phone, mailed in, presented in person to the cashier, or entered into an electronic device.

When you have staff interacting with your patients' credit card information, the people, systems, and processes that accept and process payment cards must comply with PCI standards. Any person or system that touches or stores credit card data, in text or voice, is subject to PCI compliance. This includes all your manual and automated systems.

At the top of your watch list:

  • Ensure that all employees who handle credit card payments adhere to an information security policy that is PCI compliant.
  • Ensure that all systems, including your PBX (VoIP), PCs, switching equipment, network servers, routers, and software, are fully PCI compliant.
  • Ensure that transmission of cardholder data across your networks and on to public networks is encrypted.
  • DO NOT store sensitive authentication data (CVV / CVC code).
  • Try not to store credit card numbers. If you need to store them, make sure all stored credit card data (card number) is rendered unreadable (encrypted) at all times.
  • Ensure you have an appropriate data retention policy in place and that it is followed. All disposal of stored card data should be done in a secure manner.

And the list goes on.

The cost of managing payment security is of growing concern to healthcare providers as the measures to protect cardholder information and the payment card industry security requirements become stricter. To help manage the costs of payment security, organizations have two options: (a) managing payment security in-house by retrofitting their organization, or (b) outsourcing payment-related components that can minimize their risk. Understanding the impact of a payment security approach on overall payment security management costs requires an analysis of process, infrastructure, and technology costs, as well as the cost of personnel. Choosing the right approach is paramount.

One solution that can help healthcare providers manage their costs of PCI compliance effectively is to implement a secure Pay-By-Phone solution from a PCI-compliant service provider. This approach removes the handling of sensitive credit card information from staff.

At Datatel, we help businesses solve this problem by delivering a Pay-By-Phone solution on the cloud which removes the handling of all credit card information by staff typically tasked with taking calls from patients and handling other forms of unsecured credit card transactions. Datatel’s CryptolVR Pay-By-Phone is the most robust, cost-effective, and easy to deploy IVR Payment platform on the Cloud to process Credit Card payments 24/7, in a PCI compliant environment.

Datatel has been providing Pay-By-Phone solutions on the Cloud to hundreds of businesses, healthcare providers, governments, and not-for-profit organizations for over ten years.

Implementation is quick and simple with industry-specific templates.

When reviewing your PCI compliance, we recommend contacting your merchant service provider, who will be able to guide you with resources and expert assistance to meet your specific PCI compliance requirements.
